I’m currently working on a node application using the oidc-middleware package to handle logging in, and jwt-verifier to verify claims for api calls.
Our access tokens have a life of one hour, which means users need to log in again several times during the day.
We’re able to get a refresh token from Okta. In this Node context, how do we use this refresh token to get a new access token and populate our userContext with the new value? I’m having trouble finding any steps on this, or finding out whether it’s possible using the packages as-is.
I think I’ve figured out a solution, if anyone stumbles on this.
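// Refreshes the Okta tokens held in req.userContext once the access token has expired,
// so that a user with a valid refresh token is not sent back through the login flow.
//
// Fixes relative to the first draft:
//  - the refresh token (and the rest of the grant) is sent in the POST body instead of the
//    URL query string, where it would be recorded in proxy/web-server access logs;
//  - the deprecated `new Buffer(...)` constructor is replaced by `Buffer.from`;
//  - the token endpoint's HTTP status and body are checked before the context is updated,
//    and a malformed body no longer throws inside the 'end' handler;
//  - next() can only fire once even if both 'end' and 'error' are emitted.
//
// NOTE(review): this assumes req.userContext.tokens is the session-backed object that
// oidc-middleware reads on later requests, so the refreshed values persist — confirm
// against the session/middleware setup.
app.use(function (req, res, next) {
  const tokens = req.userContext?.tokens;
  if (!tokens) {
    next();
    return;
  }
  // expires_at is stored in seconds since the epoch (see how it is written below).
  if (tokens.expires_at > Date.now() / 1000) {
    next();
    return;
  }
  if (!tokens.refresh_token) {
    // Nothing to refresh with; let downstream auth checks reject the stale context.
    next();
    return;
  }

  // Placeholders: load the real values from configuration/environment, never commit them.
  const oktaClientId = "cliend id";
  const oktaClientSecret = "client secret";

  // Guard against calling next() twice (e.g. an 'error' after 'end').
  let finished = false;
  const finish = () => {
    if (!finished) {
      finished = true;
      next();
    }
  };

  // All grant parameters go in the form-encoded body, not the query string.
  const body = new URLSearchParams({
    grant_type: "refresh_token",
    redirect_uri: "http://localhost:1337",
    scope: "offline_access openid",
    refresh_token: tokens.refresh_token,
  }).toString();

  const credentials = Buffer.from(`${oktaClientId}:${oktaClientSecret}`).toString("base64");
  const options = {
    method: "POST",
    host: "host",
    path: "/oauth2/default/v1/token",
    headers: {
      accept: "application/json",
      authorization: `Basic ${credentials}`,
      "cache-control": "no-cache",
      "content-type": "application/x-www-form-urlencoded",
      "content-length": Buffer.byteLength(body),
    },
  };

  const oktaReq = https.request(options, (resp) => {
    let data = "";
    resp.setEncoding("utf8");
    resp.on("data", (chunk) => {
      data += chunk;
    });
    resp.on("end", () => {
      let newTokens;
      try {
        newTokens = JSON.parse(data);
      } catch (err) {
        console.error(`Unparseable response from token endpoint: ${err.message}`);
        finish();
        return;
      }
      if (resp.statusCode !== 200 || !newTokens.access_token) {
        // A revoked/expired refresh token comes back as a non-200 error object; leave the
        // context untouched rather than writing undefined values into it. Only the error
        // description is logged, never the raw body.
        console.error(
          `Token refresh failed with status ${resp.statusCode}: ${newTokens.error_description ?? newTokens.error ?? "unknown error"}`,
        );
        finish();
        return;
      }
      tokens.access_token = newTokens.access_token;
      // Keep the existing refresh token if the response does not include a new one.
      tokens.refresh_token = newTokens.refresh_token ?? tokens.refresh_token;
      tokens.id_token = newTokens.id_token;
      tokens.scope = newTokens.scope;
      tokens.expires_at = Math.floor(Date.now() / 1000) + newTokens.expires_in;
      finish();
    });
  });
  oktaReq.on("error", (e) => {
    // Best effort: log and continue so the request is not dropped; downstream checks
    // will see the still-expired context.
    console.error(`Exception while attempting to get refresh access token: ${e.message} `);
    finish();
  });
  oktaReq.write(body);
  oktaReq.end();
});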
I guess my confusion came from thinking there was a way to do the refresh using Okta’s packages, with some provided method or a config setting — or that the middleware would detect that it had been given a refresh token and take care of it itself.